Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Trying to setup master-local

  • 1.  Trying to setup master-local

    Posted Aug 19, 2013 05:39 AM

    I have 2 Aruba 650's, A and B.

     

    I want A to be the master and it has the following setup:

    VLAN1: 192.168.1.250. It is behind an internet router, 192.168.1.254. This router is also the default gateway for the controller.

    I'm not 100% sure, but I think the VLAN1-ip is the 'main' IP of the controller. It is selected under 'Controller IP Details' under Network/Controller.

    VLAN3: 10.11.12.13. This is a local LAN.

    Loopback Interface is empty.

     

    I want B to be the local and it has the following setup:

    VLAN1: 192.168.2.250. It is behind an internet router, 192.168.2.254. This router is also the default gateway for the controller.  This internet router is a different internet router than the internet router controller A is behind. This IP also seems to be the 'main' IP of this controller.

    VLAN3: 10.11.12.14. This is the same local LAN that controller A is on.

    Loopback Interface is empty.

     

    I'm trying to setup the master-local connection through VLAN3, since that's a local LAN and it has no firewalls etc. It should be much simpler than trying to route everything through the internet.

     

    Before I set controller B to Local, controller A and B are able to ping each other on their VLAN3 IP's. Then I set controller B to local and set 10.11.12.13 as the master. I enter the same IPSEC key as was entered on the master for 0.0.0.0 (1 key for every possible local). After this, the controllers can no longer ping each other, probably because it's trying to setup IPSEC. However, the IPSEC is not successful it seems.

     

    The process log on the local keeps repeating this:

    Aug 19 11:32:11 cfgm[2276]: <399815> <INFO> |cfgm| Cannot connect to the master 10.11.12.13 error Operation already in progress errno 149 socket id 19
    Aug 19 11:32:11 cfgm[2276]: <307242> <INFO> |cfgm| Failed to connect to the Master (10.11.12.13),Configuration socket will try again: Operation already in progress
    Aug 19 11:32:11 cfgm[2276]: <307103> <INFO> |cfgm| send_tcp_hb_master 103 Connection to the master failed, Will retry socket ID 19 state CONFIG_SOCKET_NOTCONNECTED
    Aug 19 11:32:21 cfgm[2276]: <307025> <DBUG> |cfgm| local:Sending heartbeat message to MMS
    Aug 19 11:32:21 cfgm[2276]: <399814> <DBUG> |cfgm| Sending the heartbeat message. Not Responding counter=10
    Aug 19 11:32:21 cfgm[2276]: <307240> <DBUG> |cfgm| Connecting the Local CFGM socket, state 1
    Aug 19 11:32:21 cfgm[2276]: <399815> <INFO> |cfgm| Cannot connect to the master 10.11.12.13 error Operation already in progress errno 149 socket id 19
    Aug 19 11:32:21 cfgm[2276]: <307242> <INFO> |cfgm| Failed to connect to the Master (10.11.12.13),Configuration socket will try again: Operation already in progress

     

    I guess the problem might be that Aruba wants me to use the 'main' IP's of the controllers to setup the relation instead of the VLAN3 IP? Is this true? Can't I just use the VLAN3 IP's? If I change the 'main' IP to local LAN IP, I no longer have internet access on the controller, it seems it can no longer talk to the default gateway anymore at that moment.

     

    Does anyone have suggestions how I can make this work?

     

    Edit: it seems that when I tell Aruba local to use 10.11.12.13 as a master IP, it tries to connect to 10.11.12.13 through its default gateway (who has no knowledge of the other controller), even though it could just use the 10.11.12.14-interface, which would work perfectly fine.




  • 2.  RE: Trying to setup master-local

    Posted Aug 19, 2013 10:49 AM

    Try adding a static route on controller B as follows:

     

    ip route 192.168.1.250 255.255.255.255 10.11.12.13

     

    This should route the controller IP for controller A via the local interface.



  • 3.  RE: Trying to setup master-local

    Posted Aug 20, 2013 02:10 AM

    I can give that a go, but just trying to think logically, wouldn't it actually be

     

    ip route 10.11.12.13 255.255.255.255 10.11.12.14

     

    because I would like to route traffic to controller A (10.11.12.13) through the local LAN interface (10.11.12.14)?

     

    The line you're suggesting would also require me to set the IP of the master controller for controller B to 192.168.1.250 I guess? And wouldn't that also require a route on controller A so that traffic to 192.168.2.250 goes through 10.11.12.14?

     

    Edit:

    I did on controller B:

    set the IP of the master controller to 192.168.1.250 (instead of 10.11.12.13)

    ip route 192.168.1.250 255.255.255.255 10.11.12.13

     

    it didn't work yet.

     

    Then I did on controller A:

    ip route 192.168.2.250 255.255.255.255 10.11.12.14

     

    now it's working. Cool. Thank you :)

     

    Still pretty strange that the Aruba uses the wrong interface (the primary?) when I set the IP of the master controller to 10.11.12.13, even though it could just use the interface that is L2 connected to this IP. Also, I wonder how it determines what is the 'primary' interface. Is it VLAN1? Is it Port1? Does it depend on the setting under network/controller/Controller IP Details/IPv4 Address?



  • 4.  RE: Trying to setup master-local

    Posted Aug 20, 2013 03:38 AM

    The route would allow controller B to route to the master controller IP of 192.168.1.250. You could try this to allow controller B to talk to the designated controller IP of the master controller.



  • 5.  RE: Trying to setup master-local

    Posted Aug 20, 2013 03:58 AM

    I edited my post above. It is now working. Thanks :)

     

    I still have some questions though, but at least it's working.



  • 6.  RE: Trying to setup master-local

    Posted Aug 21, 2013 09:24 AM

    To further complicate things, controller A and B are no longer on the same subnet. They are on separate subnets, that are connected through a router.

     

    So now it's like this:

     

    I want A to be the master and it has the following setup:

    VLAN1: 192.168.1.250. It is behind an internet router, 192.168.1.254. This router is also the default gateway for the controller.

    VLAN3: 10.11.12.13. This is a local LAN.

     

    I want B to be the local and it has the following setup:

    VLAN1: 192.168.2.250. It is behind an internet router, 192.168.2.254. This router is also the default gateway for the controller.  This internet router is a different internet router than the internet router controller A is behind.

    VLAN3: 10.11.13.14. This is a different LAN than controller A is on.

     

    10.11.12.0-subnet and 10.11.13-subnet can talk to each other through router with IP's 10.11.12.2 and 10.11.13.2.

     

    Does anyone know what routes I could add on the Aruba's to make them able to communicate?

     

    I tried doing on controller B:

    ip route 10.11.12.0 255.255.255.0 10.11.13.2

    and

    ip route 192.168.1.250 255.255.255.255 10.11.12.13

     

    and on controller A:

    ip route 10.11.13.0 255.255.255.0 10.11.12.2

    and

    ip route 192.168.2.250 255.255.255.255 10.11.13.14

     

    but I don't think it likes doing a next-hop through another next-hop. It does not work.

     

    Any suggestions?

     



  • 7.  RE: Trying to setup master-local
    Best Answer

    Posted Aug 21, 2013 10:15 AM

    You would need to add routes to both the controllers and the routers:

     

    on controller B:

    ip route 10.11.12.0 255.255.255.0 10.11.13.2

    and

    ip route 192.168.1.250 255.255.255.255 10.11.13.2

     

    On the router:

    ip route 192.168.1.250 255.255.255.255 10.11.12.13

    and

    ip route 192.168.2.250 255.255.255.255 10.11.13.14

     

    and on controller A:

    ip route 10.11.13.0 255.255.255.0 10.11.12.2

    and

    ip route 192.168.2.250 255.255.255.255 10.11.12.2
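
Added example, not part of any post in this thread: a small Python model of the three routing tables that traces a packet hop by hop, comparing the routes tried in post 6 with the routes given in post 7. Assumptions: a /24 mask on the 192.168.x.0 networks, a single router (named `R` here) with no static routes of its own in the post 6 attempt, and a static route being ignored when its next hop is not on a directly connected subnet.

```python
import ipaddress as ip

def node(addrs, routes):
    """addrs: interface CIDRs; routes: (prefix, next_hop) static routes."""
    return {"ifaces": [ip.ip_interface(a) for a in addrs],
            "routes": [(ip.ip_network(p), ip.ip_address(nh)) for p, nh in routes]}

def topology(a_routes, r_routes, b_routes):
    # Addresses from the thread; /24 on the 192.168.x.0 networks is an assumption.
    return {"A": node(["192.168.1.250/24", "10.11.12.13/24"],
                      [("0.0.0.0/0", "192.168.1.254")] + a_routes),
            "R": node(["10.11.12.2/24", "10.11.13.2/24"], r_routes),
            "B": node(["192.168.2.250/24", "10.11.13.14/24"],
                      [("0.0.0.0/0", "192.168.2.254")] + b_routes)}

def owner(topo, addr):
    """Name of the modelled node that owns addr, or None if outside the model."""
    for name, n in topo.items():
        if any(i.ip == addr for i in n["ifaces"]):
            return name
    return None

def next_hop(n, dst):
    """Connected subnets deliver directly; otherwise longest-prefix match over
    static routes whose next hop is on a connected subnet (assumed behaviour)."""
    if any(dst in i.network for i in n["ifaces"]):
        return dst
    usable = [(p, nh) for p, nh in n["routes"]
              if dst in p and any(nh in i.network for i in n["ifaces"])]
    return max(usable, key=lambda r: r[0].prefixlen)[1] if usable else None

def trace(topo, src, dst):
    """Return (delivered, path) for a packet sent from node src to address dst."""
    dst, path, cur = ip.ip_address(dst), [src], src
    while owner(topo, dst) != cur:
        nh = next_hop(topo[cur], dst)
        cur = owner(topo, nh) if nh else None
        if cur is None or cur in path:  # left the model, no route, or a loop
            return False, path + [str(nh) if nh else "no route"]
        path.append(cur)
    return True, path

ATTEMPT = topology(  # routes tried in post 6
    a_routes=[("10.11.13.0/24", "10.11.12.2"), ("192.168.2.250/32", "10.11.13.14")],
    r_routes=[],
    b_routes=[("10.11.12.0/24", "10.11.13.2"), ("192.168.1.250/32", "10.11.12.13")])
FIXED = topology(    # routes from post 7
    a_routes=[("10.11.13.0/24", "10.11.12.2"), ("192.168.2.250/32", "10.11.12.2")],
    r_routes=[("192.168.1.250/32", "10.11.12.13"), ("192.168.2.250/32", "10.11.13.14")],
    b_routes=[("10.11.12.0/24", "10.11.13.2"), ("192.168.1.250/32", "10.11.13.2")])

if __name__ == "__main__":
    for name, topo in (("attempt", ATTEMPT), ("fixed", FIXED)):
        print(name, trace(topo, "B", "192.168.1.250"), trace(topo, "A", "192.168.2.250"))
```

Under these assumptions the post 6 routes send controller-IP traffic to each site's internet router, while the post 7 routes carry it over the LAN router in both directions.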

     



  • 8.  RE: Trying to setup master-local

    Posted Aug 21, 2013 10:25 AM

    Thank you. I'll give that a go tomorrow. Makes sense that I would need to add routes on the router in between the networks :)

     

    Another option I have is letting the 2 controllers communicate through the internet. I have found documentation on what ports/protocols to open, but it's quite a list. Does anyone know the bare minimum for a local-master setup?



  • 9.  RE: Trying to setup master-local

    Posted Aug 22, 2013 03:18 AM

    Thanks, dg27. It's working correctly now through the LAN :) Your help has been excellent.

     

    Actually, it turned out there were 2 routers between the LANs instead of 1, so I needed to adjust your instructions a little, but the principles were the same.

     

    I'm still wondering about the minimal port/protocol requirements for connecting them through the internet, but at least it's working now.



  • 10.  RE: Trying to setup master-local

    Posted Aug 22, 2013 03:42 AM

    Straight from the user guide:

     

    Between any two controllers:
     - IPSec (UDP ports 500 and 4500) and ESP (protocol 50). PAPI between a master and a local controller is encapsulated in IPSec.
     - IP-IP (protocol 94) and UDP port 443 if Layer-3 mobility is enabled.
     - GRE (protocol 47) if tunneling guest traffic over GRE to DMZ controller.
     - IKE (UDP 500).
     - ESP (protocol 50).
     - NAT-T (UDP 4500).



  • 11.  RE: Trying to setup master-local

    Posted Aug 22, 2013 03:47 AM

    I had found this list, but wasn't sure whether the IP-IP and GRE applied to me and I would prefer to open just the bare minimum. Right now, I'm guessing GRE and IP-IP won't apply and go with just:

     

    500,4500 (already open) and ESP. Tnx again.